1. Forum
  2. tqwNet
  3. TQW GENTECH

  • TP-Link and NR routers targeted by worrying new botnet

    From TechnologyDaily@1337:1/100 to All on Thursday, December 26, 2024 17:45:05
    TP-Link and NR routers targeted by worrying new botnet

    Date:
    Thu, 26 Dec 2024 17:31:00 +0000

    Description:
    A new variant of the dreaded Mirai botnet is here, and it's targeting unpatched endpoints.

    FULL STORY ======================================================================Research ers discovered multiple vulnerable endpoints being targeted by a new Mirai variant The endpoints are assimilated into a botnet and used for DDoS attacks The vulnerabilities used in the attack are years old

    Mirai, an infamous botnet targeting Internet of Things (IoT) devices to use
    in Distributed Denial of Service (DDoS) attacks, has gotten a new variant which is now targeting multiple vulnerable devices, experts hae warned.

    The malware is reportedly going after DigiEver DS-2105 Pro NVRs, multiple TP-Link routers with outdated firmware, and Teltonika RUT9XX routers. For DigiEver, Mirai is abusing an unpatched remote code execution (RCE) vulnerability that doesnt even have a tracking number.

    For TP-Link, Mirai abuses CVE-2023-1389, and for Teltonika, its going for CVE-2018-17532. Its worth noting that the TP-Link flaw is a year old, while the Teltonika one is roughly six years old. That means that the crooks are mostly targeting organizations with poor cybersecurity and patching
    practices. Mirai is an active threat

    The campaign most likely started in September or October 2024, and according to researchers from Akamai, uses XOR and ChaCha20 encryption, and targets different system architectures, including ARM, MIPS, and x86.

    "Although employing complex decryption methods isn't new, it suggests
    evolving tactics, techniques, and procedures among Mirai-based botnet operators," Akamai said.

    This is mostly notable because many Mirai-based botnets still depend on the original string obfuscation logic from recycled code that was included in the original Mirai malware source code release."

    Experts from Juniper Research recently warned Mirai operators were looking
    for easy-to-compromise Session Smart routers.

    "On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms," Juniper said in its security advisory.

    Researchers also recently reported cybercriminals were exploiting a flaw in the AVM1203, a surveillance camera model designed and sold by Taiwanese manufacturer AVTECH, to hijack the endpoints and assimilate them into the Mirai botnet.

    Via BleepingComputer You might also like Juniper Networks warns Mirai botnet is back and targeting new devices Here's a list of the best antivirus tools
    on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/tp-link-and-nr-routers-targeted-by-worr ying-new-botnet


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)